Troubleshooting “zsh: operation not permitted”

If you try to run a script from the Terminal in macOS, you may get an error that says zsh: operation not permitted. As of this writing, the top Google search results for that all point to needing to grant the Terminal full disk access (either via System Preferences > Security & Privacy > Privacy… Continue reading Troubleshooting “zsh: operation not permitted”

Updating Zoom manually if you’re using the Zoom IT installer

What’s the issue? Many Mac admins use the Zoom IT installer to keep Zoom up to date, because it can actually be installed in the background. But if you (as a Mac admin) install the Zoom IT version and don’t immediately update to the latest Zoom version, your users will encounter a Your Zoom application… Continue reading Updating Zoom manually if you’re using the Zoom IT installer

If you can log in and use sudo but can’t unlock Sys Pref prefpanes in Big Sur

I and at least one other person on the MacAdmins Slack saw situations in which a known working password (can log into the computer, can use sudo to escalate privileges in the terminal) on an admin account is not working in System Preferences to unlock a prefpane. Special thanks to owen on the MacAdmins Slack… Continue reading If you can log in and use sudo but can’t unlock Sys Pref prefpanes in Big Sur

Installing Rosetta 2 on M1 Apple Silicon Macs (why checks matter)

Actual guides This isn’t really a guide to how to install Rosetta 2. There are already much better guides for those: Rich Trouton’s Installing Rosetta 2 on Apple Silicon Macs Graham Gilbert’s Installing Rosetta 2 on Apple Silicon Macs Rich Trouton’s blog post has some checks to make sure the Mac is running at least… Continue reading Installing Rosetta 2 on M1 Apple Silicon Macs (why checks matter)

Double-checking details of deployed PPPC/TCC profile from MDM

If you’ve deployed a PPPC/TCC profile from your user-approved MDM to a Mac, and you see the profile in System Preferences > Profiles, you can also verify all the details of the deployed profile on the Mac itself by going to /Library/Application Support/com.apple.TCC/MDMOverrides.plist (which is an SIP-protected directory, by the way).

How to deploy a .pkg via Munki if a config file has to be in the same directory

Vendors package software in funny ways sometimes. Every now and then, you might come across a vendor .pkg that comes with some kind of .xml or .cfg or .txt that has to be in the same directory as the .pkg. It’s likely because there’s some postinstall script in the .pkg itself that references that text… Continue reading How to deploy a .pkg via Munki if a config file has to be in the same directory

Some basics of DEPNotify and a sample script

If you’ve been doing Munki admin’ing for a short while, you’ve probably heard people talk about DEPNotify, whose README says is “a small light weight notification app that was designed to let your users know what’s going on during a DEP enrollment.” Aforementioned DEPNotify README is fairly comprehensive in terms of going over all the… Continue reading Some basics of DEPNotify and a sample script

Fixing DEPNotify GUI not launching with keyPath error

I’m not sure how my computer got into this funky state, but I was playing around with a DEPNotify script, and after a while, I was suddenly getting these errors every time I tried to run it: DEPNotify[12422:409983] Failed to set (keyPath) user defined inspected property on (DEPNotify.WindowController): [ setValue:forUndefinedKey:]: this class is not key… Continue reading Fixing DEPNotify GUI not launching with keyPath error